Method and system for assessing attacks on computer networks using Bayesian networks
Abstract
A method and system are disclosed for processing data from a computer network to determine an occurrence of and characterize a particular activity associated with the computer network. In accordance with exemplary embodiments of the present invention, a collection of data is managed that corresponds to events associated with the computer network. At least one model is established to correlate an occurrence of a predetermined set of events. At least one hypothesis is formed, using the at least one model, that characterizes the particular activity associated with the computer network. The at least one hypothesis is evaluated using the at least one model. The steps of forming and evaluating are performed interactively with the step of managing to iteratively update the collection of data.
21 Claims
1. A method for processing data from a computer network to determine an occurrence of and characterize a particular activity associated with the computer network, comprising the steps of:
- managing a collection of data corresponding to events associated with the computer network;
- establishing at least one model to correlate an occurrence of a predetermined set of events;
- forming at least one hypothesis, using the at least one model, that characterizes the particular activity associated with the computer network; and
- evaluating the at least one hypothesis using the at least one model, wherein the steps of forming and evaluating are performed interactively with the step of managing to iteratively update the collection of data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system for processing data from a computer network to determine an occurrence of and characterize a particular activity associated with the computer network, comprising:
- at least one data source for supplying data corresponding to events associated with the computer network;
- a memory that stores steps of a computer program to:
  - manage a collection of data corresponding to events associated with the computer network,
  - establish at least one model to correlate an occurrence of a predetermined set of events,
  - form at least one hypothesis, using the at least one model, that characterizes the particular activity associated with the computer network, and
  - evaluate the at least one hypothesis using the at least one model, wherein the steps of forming and evaluating are performed interactively with the step of managing to iteratively update the collection of data; and
- a processor for accessing the memory to execute the computer program.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21

Specification